CSCI 530 Lab
Packet Sniffing

Scenarios
- You are a network administrator.
  - You suspect that some of the employees are not working and are instead spending all their time at www.espn.com
  - Could filter at the firewall for this address
  - But you want to see what sites they are accessing, without their knowledge
- You are a hacker.
  - You have compromised a system.
  - You are unable to gain access to other systems on the network.
  - You want to get some usernames and passwords to access these systems.
- Solution – Packet Sniffer

Packet Sniffer
- A tool that captures, interprets, and stores network packets for analysis
- Works at the Transport layer of the OSI 7 layer model (Layer 4), but some can work at the Network Layer (Layer 3)
- Normal network traffic is based on the destination IP address
  - Your network card will throw away any packets that are not intended for that card
- In “Promiscuous Mode”, your network card will take all the packets on the network, regardless of the destination IP address.

Packet Sniffer Limitations
- Sniffers are limited by the network topology
  - Cannot extend beyond normal network boundaries
  - Cannot look past a router, switch, hub, etc.
- However, if you put a packet sniffer on a network backbone, then you will be able to see traffic bound between intranets

Examples of Packet Sniffers
- Ethernet Sniffers, Wireless Sniffers
  - Wireshark (formerly known as Ethereal)
    - You will be using this tool in the lab
  - DSniff
  - TCPDump
  - Airopeek
- Bluetooth Sniffers
  - BlueSweep
  - BlueScanner

Defending against Sniffers
- Change your network topology
  - Part of your lab research – find out which topology and/or device is most protective against sniffers
- Encryption
  - SSH
  - IPSec
- Detect sniffers
  - Antisniff – from the l0pht group
  - Snort
    - Normally for intrusion detection, but will also attempt to detect a host working in promiscuous mode

Lab Assignment
- Handout has been posted
- DEN Students: This lab can be done on a home machine (I advise against doing it at work). The DEN lab will be set up next week. You will receive an e-mail with your login by next week.
- Lab assignment is DUE on 9/25/06 by 11:59:59 PM FOR DEN STUDENTS ONLY
- All other students: this lab is to be done during next week’s (9/18) lab section and is due before the following week’s (9/25) lab section

Lab Assignment Continued
- Submission guidelines
  - E-mail the answers to the questions at the end of the handout by the due date.
  - Attach as a text file, .doc, or .pdf
  - Submit to YOUR LAB T.A. ONLY
  - Subject line must say: CSCI 530 Lab 3 <section day & time>
    - Where <section day & time> are replaced with your day & time
    - Example: CSCI 530 Lab 3 Friday 12:30
  - We do not send confirmation e-mails. If you request a read receipt or a return receipt, we will say yes and you will get a confirmation.
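
Added example (not part of the lecture or the lab handout): a local check related to the "Detect sniffers" item above, reporting which interfaces on a Linux host have the promiscuous flag set. It assumes the Linux sysfs layout `/sys/class/net/<iface>/flags` and the `IFF_UP` / `IFF_PROMISC` values from `<linux/if.h>`; the `SAMPLE` tree and its interface names are constructed so the script also runs on a machine without that path.

```python
"""Report local Linux interfaces whose IFF_PROMISC flag is set."""
import os
import tempfile

IFF_UP = 0x1         # interface is administratively up (<linux/if.h>)
IFF_PROMISC = 0x100  # interface accepts all frames (<linux/if.h>)


def read_flags(sysfs_root, iface):
    """Return the integer flags word from <sysfs_root>/<iface>/flags, or None."""
    path = os.path.join(sysfs_root, iface, "flags")
    try:
        with open(path) as fh:
            return int(fh.read().strip(), 16)  # file holds hex text, e.g. 0x1003
    except (OSError, ValueError):
        return None  # not an interface directory, unreadable, or malformed


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Return sorted names of interfaces that are both up and promiscuous."""
    try:
        names = os.listdir(sysfs_root)
    except OSError:
        return []
    found = []
    for iface in names:
        flags = read_flags(sysfs_root, iface)
        if flags is not None and flags & IFF_UP and flags & IFF_PROMISC:
            found.append(iface)
    return sorted(found)


def build_sample_tree(entries):
    """Create a constructed sysfs-like tree {iface: flags_text} for offline runs."""
    root = tempfile.mkdtemp(prefix="fake_sysfs_")
    for iface, text in entries.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "flags"), "w") as fh:
            fh.write(text + "\n")
    return root


# Constructed sample: eth1 is up and promiscuous, eth2 is promiscuous but down,
# bad0 has unparsable content and must be skipped rather than crash the scan.
SAMPLE = {"lo": "0x9", "eth0": "0x1003", "eth1": "0x1103",
          "eth2": "0x1102", "bad0": "??"}

if __name__ == "__main__":
    live = "/sys/class/net"
    root = live if os.path.isdir(live) else build_sample_tree(SAMPLE)
    print("promiscuous interfaces:", promiscuous_interfaces(root) or "none")
```

This only inspects the host it runs on; it does not detect a promiscuous card elsewhere on the network, which is what the tools named on the slide attempt.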